babadeda | 6a98d63304df05f55265f42ad5f8e2e4be63c35181a103f1328f60e96e3f0e0f | Triage

Submit
Reports

Overview

overview

Static

static

6a98d63304...0f.msi

windows7_x64

6a98d63304...0f.msi

windows10-2004_x64

Sharing

General

Target

6a98d63304df05f55265f42ad5f8e2e4be63c35181a103f1328f60e96e3f0e0f
Size

6.8MB
Sample

220626-xnjgfacack
MD5

f2e78426d5fd410725ceb00c4f821903
SHA1

13bccee212ce368477259b317cb36d1b65f43f58
SHA256

6a98d63304df05f55265f42ad5f8e2e4be63c35181a103f1328f60e96e3f0e0f
SHA512

737e94d4932139b1b5944658b1c498effdbdf0ee881c8e35889cb5cfc1309eab5bdf4fa97366262bf4c8860fff9407f92e095c1bc003b40c17791dbc211abc89

Score

10^/10

babadeda remcos win32lux crypter loader rat

Static task

static1

Behavioral task

behavioral1

Sample

6a98d63304df05f55265f42ad5f8e2e4be63c35181a103f1328f60e96e3f0e0f.msi

Resource

win7-20220414-en

babadeda remcos win32lux crypter loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6a98d63304df05f55265f42ad5f8e2e4be63c35181a103f1328f60e96e3f0e0f.msi

Resource

win10v2004-20220414-en

babadeda remcos win32lux crypter loader rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

Botnet

Win32LUX

C2

144.91.79.86:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
Win32_64.exe
copy_folder
Logs
delete_file
false
hide_file
true
hide_keylog_file
true
install_flag
false
install_path
%UserProfile%
keylog_crypt
false
keylog_file
log.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
GDSGFDS42424FSAF-RP31EK
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title

Targets

- Target
  
  6a98d63304df05f55265f42ad5f8e2e4be63c35181a103f1328f60e96e3f0e0f
- Size
  
  6.8MB
- MD5
  
  f2e78426d5fd410725ceb00c4f821903
- SHA1
  
  13bccee212ce368477259b317cb36d1b65f43f58
- SHA256
  
  6a98d63304df05f55265f42ad5f8e2e4be63c35181a103f1328f60e96e3f0e0f
- SHA512
  
  737e94d4932139b1b5944658b1c498effdbdf0ee881c8e35889cb5cfc1309eab5bdf4fa97366262bf4c8860fff9407f92e095c1bc003b40c17791dbc211abc89
Score

10^/10

babadeda remcos win32lux crypter loader rat
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babadedaremcoswin32luxcrypterloaderrat

behavioral2

babadedaremcoswin32luxcrypterloaderrat

© 2018-2025

Terms | Privacy